Managing Risk Revision

Prudent risk management begins by accepting the possibility that unpleasant events might actually happen. But when organizations try to achieve goals that are a bit out of reach, they're often tempted to stretch resources by revising or denying risks. Here's a tactic for managing risk revision.

To manage risks properly, we must allocate resources to implement a risk management plan. Some resources must be allocated in advance of anticipated risk events, and some must be held in reserve "just in case."

Damage to one of the low causeway sections of the Interstate 10 Twin Bridge across Lake Pontchartrain, following Hurricane Katrina in 2005. The storm surge brought by the hurricane raised the water level high enough to trap air beneath the concrete causeway's spans, causing them to float off the bridge pier caps. (See Chen, et al.,Analysis of the Interstate 10 Twin Bridge's Collapse During Hurricane Katrina). The bridge was built in 1963, when the effects of hurricane storm surge were already understood, though not as well as they are now. Two other nearby bridges, a railroad bridge and the US 11 bridge, withstood the storm with only minor damage. The U.S. 11 bridge opened February 18, 1928. It survived, in part, because its concrete girders are arched, and therefore trapped a smaller volume of air under its spans, reducing their effective buoyancy during the storm surge.

Back in 2001, the exposure of New Orleans to hurricane risk was so well known that it was the subject of a superb article in Scientific American (See M. Fischetti, Drowning New Orleans). Moreover, the storm's effects on the bridges were entirely predictable — explaining them entailed no new engineering discoveries. One can easily speculate about how the outcome of Katrina might have differed if resources for risk study and mitigation had been made available, but one also wonders what disasters elsewhere are yet preventable. Photo by Commander Mark Moran, Lt. Phil Eastman and Lt. Dave Demers, NOAA. Courtesy U.S. National Oceanic and Atmospheric Administration.

Many organizations have difficulty allocating these resources, especially when resources are thin and risks haven't yet materialized. The temptation to hope that all will go well can lead some to attempt projects with insufficient reserves for risks. And it can lead others to deny that specific risks can ever occur.

For example, despite decades of widely accepted predictions, the U.S. government failed to provide adequate resources to New Orleans for hurricane-induced flood risk mitigation and planning.

In the project environment, at best, project managers or risk officers identify risks and propose resources to mitigate them. Project sponsors and organizational management then review these proposals for sufficiency and reasonableness. They negotiate with the project staff as necessary, and then they allocate appropriate resources for risk mitigation and management.

In many organizations, things rarely work that way. Organizations commit themselves to risk plans that amount to little more than naïve hopes and wishes for the best. How does this happen?

In some cases, the available resources cannot cover all identified risks unless everything breaks favorably. When someone identifies a risk that's expensive to manage, risk revision, exclusion, or denial enables those involved to commit to the effort despite resource shortages. When this happens, risks that do materialize can threaten the project — or worse, threaten the enterprise.

What can organizations do to manage risk revision?

One approach involves adding to the project plan an Appendix of Revised or Excluded Risks — risks that someone proposed, but which were edited before inclusion in the risk plan, or excluded altogether. For each revised risk, the appendix includes the original proposed risk, a revision history with dates, the arguments in favor of and against such revisions, and the names of all involved in each revision decision. The Appendix of Revised or Excluded Risks serves several purposes.

Audit trail

If the organization someday decides how particular risk types are to be addressed, the Appendix becomes a useful tool to help project teams bring their projects into compliance.

Deterrence

When available resources can't cover all identified risks, we sometimes revise the risks

To whatever extent organizational politics or intimidation play any role in risk revision or exclusion, the knowledge that revision decisions will be recorded in the Appendix might deter some intimidators or some who abuse political power to achieve their ends.

Support for organizational learning

The Appendix could provide useful data for project retrospectives, or even earlier, if trouble does appear during the project's execution.

If you think risk revision and denial aren't happening in your organization, you might want to add that observation to your Appendix of Revised or Excluded Risks. TopNext Issue

Projects never go quite as planned. We expect that, but we don't expect disaster. How can we get better at spotting disaster when there's still time to prevent it? How to Spot a Troubled Project Before the Trouble Starts is filled with tips for executives, senior managers, managers of project managers, and sponsors of projects in project-oriented organizations. It helps readers learn the subtle cues that indicate that a project is at risk for wreckage in time to do something about it. It's an ebook, but it's about 15% larger than "Who Moved My Cheese?" Just USD 19.95. Order Now! .

Related articles

A toxic project is one that harms its organization, its people or its customers. We often think of toxic
projects as projects that fail, but even a "successful" project can hurt people or damage
the organization — sometimes irreparably.

One often-neglected project risk is the risk of inaccurately reported status. That shouldn't be surprising,
because we often fail to report the status of the project's risks, as well. What can we do to better
manage status risk and risk status?

In virtual or global teams, conversations can be long, painful affairs. Settling issues and clearing
misunderstandings can take weeks instead of days, or days instead of hours. Here are some techniques
that ease the way to mutual agreement and understanding.

Forthcoming issues of Point Lookout

Coming March 21: Narcissistic Behavior at Work: III

People who behave narcissistically tend to regard themselves as special. They systematically place their own interests and welfare ahead of anyone or anything else. In this part of the series we consider how this claimed specialness affects the organization and its people. Available here and by RSS on March 21.

And on March 28: Narcissistic Behavior at Work: IV

Narcissistic behavior at work is more damaging than rudeness or egotism. It leads to faulty decisions that compromise organizational missions. In this part of the series we examine the effects of constant demands for attention and admiration. Available here and by RSS on March 28.

Are you a writer, editor or publisher on deadline?
Are you looking for an article that will get people talking and get compliments flying your way? You can have 500 words in your inbox in one hour. License any article from this Web site. More info

Public seminars

The Power Affect: How We Express Our Personal Power

Many people who possess real organizational power have a characteristic
demeanor. It's the way they project their presence. I call this the power affect. Some people —
call them power pretenders — adopt the power affect well before they attain significant organizational
power. Unfortunately for their colleagues, and for their organizations, power pretenders can attain
organizational power out of proportion to their merit or abilities. Understanding the power affect is
therefore important for anyone who aims to attain power, or anyone who works with power pretenders.
Read more about this program.

My blog, Technical Debt for Policymakers, offers
resources, insights, and conversations of interest to policymakers who are concerned with managing
technical debt within their organizations. Get the millstone of technical debt off the neck of your
organization!